Kontron AT890X Full-Size CLI User Manual
Page 194
Quality of Service (QoS) Commands
AT8901/2/3
AT8901/2/3 CLI Reference Manual
Page 4 - 28
Format
access-list
<1-99> {deny | permit} {every | <srcip> <src-
mask>} [log] [assign-queue <queue-id>] [{mirror | redirect}
<unit/slot/port>]
Mode
Global Config
IP Extended ACL:
Format
access-list <100-199> {deny | permit} {every | {{icmp |
igmp | ip | tcp | udp | <number>} <srcip> <srcmask>[{eq
{<portkey> | <0-65535>} <dstip> <dstmask> [{eq {<portkey>|
<0-65535>}] [precedence <precedence> | tos <tos> <tosmask>
| dscp <dscp>] [log] [assign-queue <queue-id>] [{mirror |
redirect} <unit/slot/port>]
Mode
Global Config
Table 2. ACL Command Parameters
Parameter
Description
<1-99> or <100-199>
Range 1 to 99 is the access list number for an IP standard ACL.
Range 100 to 199 is the access list number for an IP extended
ACL.
{deny | permit}
Specifies whether the IP ACL rule permits or denies an action.
Note: For 5630x and 5650x-based systems, assign-queue, redi-
rect, and mirror attributes are configurable for a deny rule, but
they have no operational effect.
every
Match every packet
{icmp | igmp | ip | tcp |
udp | <number>}
Specifies the protocol to filter for an extended IP ACL rule.
<srcip> <srcmask>
Specifies a source IP address and source netmask for match
condition of the IP ACL rule.
[{eq {<portkey> |
<0-65535>}]
Specifies the source layer 4 port match condition for the IP
ACL rule. You can use the port number, which ranges from 0-
65535, or you specify the
<portkey>
, which can be one of the
following keywords:
domain, echo, ftp, ftpdata,
http, smtp, snmp, telnet, tftp
, and
www
. Each of
these keywords translates into its equivalent port number,
which is used as both the start and end of a port range.
<dstip> <dstmask>
Specifies a destination IP address and netmask for match condi-
tion of the IP ACL rule.
[precedence <precedence>
| tos <tos> <tosmask> |
dscp <dscp>]
Specifies the TOS for an IP ACL rule depending on a match of
precedence or DSCP values using the parameters
dscp
,
pre-
cedence
,
tos/tosmask
.
[log]
Specifies that this rule is to be logged.